Tuesday, November 23, 2010

The following is a summary of a presentation I'm to give on the Tuesday of next week. Lemme know what you think -- whether or not it hits all the points of interest on the topic, if the organization is well structured, etc. Do note that this is merely a summary, not a full on paper, so use of abbreviations and conversational inconsistency of person shouldn't be of particular concern.

My security presentation covers the topic of Net Neutrality. It is relevant to our class in security because it has to do with the availability and integrity of internet services. Definition of the term "Network Neutrality" itself is as good a place as any to begin. I should like to follow up with a consideration of various bills that have been introduced or passed in congress relating to the issue, leading into a discussion of the current one on the table. Naturally this will lead into consideration of the current policies in place at the Federal Communications Commission and some cases which have come up. Since the presentation up to said point will mostly engender the 'for' or 'pro' side of the issue, it seems only fair to round it out by discussing some of the concerns of parties opposed to the bill.
"Net Neutrality" is rather difficult to pin down to one specific definition, since the definition used in legislative bills on the subject use one definition, internet service providers and network administrators use another, and the popular media uses still another. The current policy of the Federal Communication Commission is often described as one of network neutrality, where all content is treated equally and there is no prioritization. To put that into more specific terminology, it would seem to mean that no packet prioritization is in play (routers act as a 'dumb' network where the actual content of packet doesn't come into consideration). This is not quite how the network works in reality (for example, compare UDP and TCP/IP protocols and how TCP is built to scale itself back when traffic gets heavy, while UDP does not. This effectively gives any content using UDP priority over TCP traffic). This is where another definition of network neutrality comes into play; that it is a policy of equal treatment in regard to users using certain services. Providers are prohibited from blocking or throttling any 'lawful' services and/or any 'lawful' content (where lawful is generally taken to refer to trafficking of certain content like child pornography being illegalized).
A number of bills have come and gone through congress in an effort to pass more regulations concerning network traffic control. The first of these bills comes from around 2005, under the name of the Internet Freedom and Nondiscrimination Act. When that failed, congress attempted to include most of the basic legislation as a rider on the COPE Act, though this was also shot down. It was again brought to the floor as the Net Neutrality Bill. This one also failed to pass, and the modern incarnation which is currently in committee hearings is called the Internet Freedom Preservation Act. I've included the summary of the bill as part of the presentation and intend to read the main points of the policy, but it essentially prohibits ISPs from: preventing any particular individual from using internet access services, imposing special charges on particular types of content providers, preventing the usage of any 'lawful' device in conjunction with said services, establishing a scheme for prioritizing any given host's traffic over other hosts, and/or installing any network functionality to enable any of the aforementioned activities. It also sets the FCC up as the agency in charge of enforcing said regulations.
The current policy of the FCC isn't actually all that different than the proposed bill, though the regulations tend towards the vague and nebulous. Basically the policy is that all users should have access to lawful content, be able to run lawful applications/services, use lawful devices, and the FCC is directed to promote competition among iSPs and various content providers. A few incidents have arisen where these various powers have been tested. Whether it has proven enough, too much, or too little has been a primary point of contention among the various parties who have thrown their hats into the socio-political arena of ideas concerning this topic.
Comcast has become perhaps the most (in)famous ISP because of a related incident. In October 2007, the company, primarily in an effort to cooperate and comply with RIAA, MPAA, and federal rulings on copyright infringement, decided to block and/or interfere with network traffic assumed to contain pirated music and movies transferred over Bittorrent and other peer-to-peer filesharing software. The method of blocking was rather indirect (a DoS attack using reset packets), but due to the fact that a number of customers had legitimate services hindered or blocked by this incident, Comcast was brought to court by both a class action civil suit and a criminal charge from the FCC. While the criminal charge was not successful (apparently still active in appeals, though), Comcast was charged $16 per share to settle the civil suit. I'll go into more detail on the other events in class, since this summary is already getting long (admittedly, this is the best-documented one).
Let's finish out with the arguments against. The primary argument is not so much against the idea of Net Neutrality per se, as it is that the system already in place gets the job done. More specifically, the market as it is prevents ISPs from enacting the kind of priority systems previously mentioned; partly because the changing of the hardware is either technically infeasible (too expensive if even possible) or would end up cutting that particular ISP off from the rest of the internet, which is hardly the kind of service customers would want or pay for. Another argument against is the consideration of ISPs as the owners of these various communications networks, which they have paid to implement. Several property, which is, as ever, the central right, would seem to dictate that ISPs ought to have complete control over their own networks and their use (much as wireless communications companies have over their networks); and that any regulations to enforce government control would be unconstitutional. The next argument of note is the consideration of innovation in the network core -- that different methods of network management would be more difficult to attempt, or ISPs would be less likely to try in a more regulated environment. More technically inclined individuals provide yet another argument (and this goes back to the original way in which net neutrality is defined) -- that not all services are equal, and for the network to operate efficiently, different services must necessarily be treated differently. That should cover most, if not all, of the views in both directions.

Sources used in gathering the information in this summary and for the presentation are as follows (using Chicago Style Citations):